Chapter 5
Traffic regulators: Network interfaces, hubs, switches, bridges, routers, and firewalls
In the previous chapter, you learned how network hardware and software follow rules, called
protocols, in order to convey information in an orderly fashion. In this chapter, we focus on one
particular set of network hardware devices—network interfaces, hubs, switches, bridges, routers,
and firewalls. These devices interconnect individual computers and ensure that they communicate
efficiently.
In order to understand the role of these devices, it is helpful to consider once again our analogy
between networks and information highways. In this analogy, the network manager is like a city
planner. The manager defines the resources that will be available to the network town—for
example, student laboratories, teachers’ computers, accounting and grade systems, Web servers,
electronic mail systems, and so forth. The manager also decides where to locate those resources
and the capacity of the roads leading to them. For example, your network will contain small streets
(less costly to implement and maintain) for areas with low traffic, large streets with traffic lights
for areas of moderate traffic, and highways with limited access for areas of high traffic density.
Finally, the manager considers how and when to restrict access to some resources that should
remain private.
Network interfaces, hubs, bridges, switches, routers, and firewalls work together in a number of
ways to create these different kinds of network roadways.
• First, these devices regulate the speed at which your network information travels. For
example, you can interconnect individual computers through the use of a device called a hub (to
which individual computers are connected like the spokes of a bicycle wheel). Depending on
the speed of the hub that you purchase, the interconnected computers will operate at 10 Mbps
(relatively low) or 100 Mbps (moderate) or 1000 Mbps (very high). Network interfaces,
bridges, switches, routers, and firewalls offer the same speed options.
• Second, these devices manage the flow of traffic, opening, closing, or directing it to specific
streets as the need arises. For example, a device called a router suggests the most efficient
route for network traffic to travel to its destination. As another example, a device called a
switch opens a circuit, or connection, directly between two communicating computers and
Purchasing Considerations
When you purchase a network interface, you should consider the
following guidelines:
• Make sure that the network interfaces on all computers are
compatible with the physical and data link protocol you have chosen.
For example, if you are running a 10BaseT Ethernet network, then
all network interfaces must also use this protocol.
• Make sure that the network interface is compatible with the slot into
which it will be inserted. Slots provide places on your computer's
main circuit board (motherboard) where you can insert daughter
circuit boards that add functionality to your computer (for example,
network interfaces, modems, and so forth). Common slot types
include PCI (Peripheral Component Interconnect), ISA (Industry
Standard Architecture), EISA (Extended Industry Standard
Architecture), among others. Each slot type specifies the speed,
number of data bits used in the signal, and the number and position
of wires on the motherboard used for communication inside the
computer. PCI is the newest and fastest of the slots, although EISA
and ISA slots are sufficient for most common network interface
cards such as those for 10BaseT Ethernet. Most computers include
slots of several different types. Before you order a network interface,
check your computer to determine which slots are available, and then
check your motherboard manual to ascertain the slot type. Order a
card appropriate for your slot.
• Purchase network interfaces from a known manufacturer whose
support you trust. Make sure the manufacturer provides a
competitive warranty.
• Macintosh computers usually come with network interfaces as part
of their main circuit boards. Some Windows PCs, however, still
require that you purchase a network interface (for new PCs, your
vendor may install the interface for you).
Practical advice
Purchasing Considerations
When you purchase a hub, you may wish to keep the following
information in mind:
• Like network interfaces, your hubs must be compatible with your
physical and data link level protocols. If you are running a 10BaseT
Ethernet network, then you must purchase 10BaseT hubs. Some
hubs, called multiprotocol hubs, can accommodate more than one
5.3 Switches
Like a hub, an Ethernet switch is a device that gathers the signals from devices that are connected
to it, and then regenerates a new copy of each signal.
You can see a picture of a switch at:
http://www.asante.com/products/p_sw6.html .
You can see a diagram of a switched network at
http://www.networking.ibm.com/mse/mse0c01.html (Figures 3 and 4)
Switches, however, are more powerful than hubs and can substantially increase your network
performance. In order to understand how they perform this magic, it is necessary to understand
first how they work.
Most common switches operate by learning the MAC addresses of all connected clients, servers,
and peripherals, and associating each address with one of its ports. When a switch receives an
incoming signal, it creates a temporary circuit between the sender and receiver. The temporary
circuit provides two important benefits.
• First, the circuit allows the sender and receiver momentarily to exchange information
without intrusion from other devices on the network. That is, each pair of
communicating devices utilizes the full bandwidth (data carrying capacity) of the
network instead of sharing that bandwidth, as they do in unswitched Ethernet
networks. To say this another way, each switch port defines a collision domain
containing only a small number of devices and thereby helps provide maximum
performance for Ethernet networks.
• Second, the circuit ensures that information travels directly between the
communicating computers. This behavior differs markedly from unswitched Ethernet
networks. In unswitched networks, data from a transmitting computer is sent by the
nearest hub to all connected devices (not just to the recipient) and therefore congests
parts of the network needlessly.
Like all network equipment, switches benefit your network only if they are deployed in the proper
manner. If your network is congested and if traffic pools in certain areas, then you can improve
network performance by replacing hubs with switches, or by connecting hubs to switches in a
hierarchical manner. (You can see a diagram of a school network that uses a hierarchy of
switches and hubs at http://www.3com.com/nsc/500612c.html . The switches are gray boxes and
the hubs are black boxes labeled with numbers to indicate how many ports they have.) For the
pools of heavy traffic, switches increase bandwidth while segregating the traffic from the rest of
the network. However, if your network is not congested or if your traffic patterns do not create
pools of congestion, then switches may actually cause your network performance to deteriorate.
Purchase Considerations
When you purchase and install a switch, you should review and
apply the following criteria:
• Your switches must be compatible with your physical and data link
level protocols. If you are running a 10BaseT Ethernet network, then
you must purchase a 10BaseT switch.
• Some switches can accommodate more than one physical or data link
level protocol. For example, modern switches accommodate both
10BaseT and 100BaseTX protocols. It is wise to purchase a switch
with at least one 100BaseTX port, since you can interconnect your
switches via their high speed ports to improve network performance
(even if the remainder of your network uses 10BaseT).
• If you purchase a switch that accommodates more than one protocol,
then make sure that it automatically senses which protocol is being
used on each port. Autosensing switches ensure that you can connect
any part of the network to any switch port. (Older switches required
that you attach each segment of the network to a port compatible
with its physical and data link level protocol. Keeping the segments
and ports straight presents a management headache.)
• Purchase switches from a known manufacturer whose support you
trust. Make sure the manufacturer provides a competitive warranty.
• Install your switches in a room that is cool and free of dust, if
possible. Additionally, plug your switches into an uninterruptible
power supply (UPS) to ensure that they receive clean power. (We
discuss uninterruptible power supplies in Chapter 2.)
5.4 Bridges
A bridge is a device that connects two or more local area networks, or two or more segments of
the same network. For example, suppose that your network includes both 10BaseT Ethernet and
LocalTalk connections. You can use a bridge to connect these two networks so that they can
share information with each other.
In addition to connecting networks, bridges perform an additional, important function. They filter
information so that network traffic intended for one portion of the network does not congest the
rest of the network. (You may remember from the previous section that switches also perform
Purchase Considerations
When you consider purchasing a bridge, you should follow
these guidelines:
• Before you decide on your purchase, take a moment to clarify what
you wish to achieve (connecting a Macintosh LocalTalk lab to
Ethernet? connecting two Ethernet segments?). Then work with your
technical staff, or with manufacturers and consultants, to determine
your options. You can often use a hub, switch, or router in the same
places that you can use a bridge. Each device brings its unique set of
strengths and weaknesses to the job.
• Make sure that the bridge is compatible with your physical and data
link protocols.
• Purchase bridges from a known manufacturer whose support you
trust. Make sure the manufacturer provides a competitive warranty.
• Install your bridges in a room that is cool and free of dust, if
possible. Additionally, plug your bridges into an uninterruptible
power supply (UPS) to ensure that they receive clean power. (We
discuss uninterruptible power supplies in Chapter 2.)
5.5.1 Routers
Like bridges, routers are devices whose primary purpose is to connect two or more networks and
to filter network signals so that only desired information travels between them. For example,
routers are often used to regulate the flow of information between school networks and the
Internet. However, routers can inspect a good deal more information than bridges, and they
therefore can regulate network traffic more precisely. They also have another important
capability: they are aware of many possible paths across the network and can choose the best one
for each data packet to travel.
Routers operate primarily by examining incoming data for its network routing and transport
information—for example, information carried within the TCP/IP, IPX/SPX, or AppleTalk
portions of the network signal. This information includes the source and destination network
routing addresses. (Remember that every client, server, and peripheral on the network maintains
multiple addresses, including both a data link address and a network routing address. The two addresses
Practical advice
Purchase Considerations
When you purchase and install a router, you may wish to keep
the following points in mind:
• It is best to purchase all routers from a single manufacturer.
Purchasing routers from a single manufacturer ensures that the
software you use to configure and manage the routers via the
network will be compatible across devices (it is very important to be
able to monitor and manage routers across the network if you want to
Types of firewalls
Firewalls can be divided into three major categories: packet-screening firewalls, proxy servers,
and stateful inspection proxies.
Packet-screening firewalls. Packet-screening firewalls operate by examining incoming or
outgoing signals for information at OSI level 3, the network addressing level. For example, you
can configure your firewall to examine incoming packets for their Internet (IP) source address
(the place where the information originated); you can deny access to your network if the packet
comes from a network or networks that you have identified as unauthorized. Alternatively, your firewall
can examine information leaving your network for its Internet (IP) destination address (where the